Psion Teklogix 9160 G2 Benutzerhandbuch
Chapter 10: Configuring Security
Comparison Of Security Modes For Key Management, Authentication And Encryption Algorithms
Comparison Of Security Modes For Key Management, Authentication And Encryption Algorithms
94
Psion Teklogix 9160 G2 Wireless Gateway User Manual
Recommendations
Static WEP was designed to provide security equivalent of sending unencrypted
data through an Ethernet connection, however it has major flaws and it does not
provide even this intended level of security.
data through an Ethernet connection, however it has major flaws and it does not
provide even this intended level of security.
Therefore, Static WEP is not recommended as a secure mode. The only time to use
Static WEP is when interoperability issues make it the only option available to you
and you are not concerned with the potential of exposing the data on your network.
Static WEP is when interoperability issues make it the only option available to you
and you are not concerned with the potential of exposing the data on your network.
See Also
For information on how to configure Static WEP security mode, see “Static WEP”
on page 102.
on page 102.
10.1.2.3
When To Use IEEE 802.1x
IEEE 802.1x is the standard for passing the Extensible Authentication Protocol
(EAP) over an 802.11 wireless network using a protocol called EAP Encapsulation
Over LANs (EAPOL). This is a newer, more secure standard than Static WEP.
(EAP) over an 802.11 wireless network using a protocol called EAP Encapsulation
Over LANs (EAPOL). This is a newer, more secure standard than Static WEP.
Recommendations
IEEE 802.1x mode is a better choice than Static WEP because keys are dynamically
generated and changed periodically. However, the encryption algorithm used is the
same as that of Static WEP and is therefore not as reliable as the more advanced
encryption methods such as TKIP and CCMP (AES) used in Wi-Fi Protected
Access (WPA) or WPA2.
generated and changed periodically. However, the encryption algorithm used is the
same as that of Static WEP and is therefore not as reliable as the more advanced
encryption methods such as TKIP and CCMP (AES) used in Wi-Fi Protected
Access (WPA) or WPA2.
Key Management
Encryption Algorithm
User Authentication
IEEE 802.1x provides
dynamically-generated
keys that are periodically
refreshed.
dynamically-generated
keys that are periodically
refreshed.
There are different Uni-
cast keys for each station.
cast keys for each station.
An RC4 stream cipher is used to
encrypt the frame body and cyclic
redundancy checking (CRC) of each
802.11 frame.
encrypt the frame body and cyclic
redundancy checking (CRC) of each
802.11 frame.
IEEE 802.1x mode supports a variety of
authentication methods, like certificates,
Kerberos, and public key authentication with a
RADIUS server.
authentication methods, like certificates,
Kerberos, and public key authentication with a
RADIUS server.
You have a choice of using the 9160 G2 Wire-
less Gateway embedded RADIUS server or an
external RADIUS server. The embedded
RADIUS server supports Protected EAP
(PEAP) and MSCHAP V2.
less Gateway embedded RADIUS server or an
external RADIUS server. The embedded
RADIUS server supports Protected EAP
(PEAP) and MSCHAP V2.
Table 10.2 IEEE 801.1x Security Mode